Please share with the community what you think needs improvement with Sophos SafeGuard.
What are its weaknesses? What would you like to see changed in a future version?
The solution's ability to integrate with other solutions, such as a DLP, should be addressed.
BitLocker comes from the OS license with Windows. It's a free solution. However, Sophos is a product we need to pay for. Therefore, using it is more expensive for our organization. It's also, in general, a pricey option. We'd like to lower costs. Sophos requires separate BAU operations and separate infrastructure. We require a server and few other things, as well as portals. However, a solution like BitLocker is integrated with the CCM now. It doesn't require any other infrastructure. It would be ideal if the solution had different features within one agent.
There are times that this solution takes up too much memory that needs to be resolved. If it is not fixed it will definitely create issues in the future. In an upcoming release, there should be more reports on the health status of the systems that we could fix, such as memory health, CPU utilization, and CPU health. These types of additions would be a great help.
It's a good product, but some are not happy with the boot BCN, and the point-to-point VPN requires the best protection. Better internet protection is required.
It just needs a little bit more on the reporting side. Its reporting can be improved a little bit in terms of being able to know that things are in the right status. I should be able to pull a report to make sure that everything is all right. It could also have cloud integration. At the time I was using it, it wasn't a cloud product.
The integration could be a little better. I use this solution frequently and I can't think of anything I would change.
The Office 360 integration could be improved, it's not so straightforward. It's been a challenge. When I moved from my mail in-house, on-prem, to Office 360 on cloud, I had a lot of challenges getting my mail to pass through the firewall. That's something I'm currently working on. Additional features I'd like to see would be more help results to the product. Maybe they could provide a way to train on the product, provide tutorials that could be easily accessed for people to easily understand the product quickly. I think that would help. The issue is not always the product but the configuration and the know-how to easily manage the system that sometimes make you not get the best out of the system. It's a matter of making resources available.
In the latest versions, from Windows 8 onwards, everything is encrypted using BitLocker. What we require is key management, and in particular, policy management surrounding keys. There should be an option wherein I should be able to set the policy to exploit the BitLocker POA keys, and able to manage and reset the keys. Right now, the solution doesn't have this as an option. From version eight, Windows 8 onwards, SafeGuard doesn't work 100% of the time. So we have to use BitLocker for the encrypting. Only the key management is done by SafeGuard. When you have the PPM chipset, you can have the power-on authentication, when you boot up your machine, you can set the six-digit passcode. As of right now, SafeGuard can't manage the six-digit passcode in terms of the expiration, and I need that added as a feature.
When you compare Sophos SafeGuard to Palo Alto and other enterprise firewalls solutions, Sophos doesn't have the same market. Palo Alto targets the SMB market and Sophos would like to approach the enterprise market, but it can be difficult to approach these customers without having the right offering. Sophos has a rich roadmap to cover this area, but we are not aware of it, so it difficult for us to approach these customers without having the right offering. In the next release, I would like to see more automation with the endpoint logging, but it's a special feature that is quite complicated to explain. There is a trick to implementing it. You have to implement some scripting into it.
The pricing could be improved. Technical support could be a bit better.
I would like to have more control over the files in the Sophos encryption system. This solution needs to have more data loss prevention techniques. Having a DLP integrated with the encryption engine would be very good.
The tutorials need to be simplified. The existing ones need to be easier to follow and we could use some tutorials for basic setups. They should aim to be more like Cisco, which offers very good tutorials and materials. If there was a way to automate the configuration, that would be ideal.
I would like to see a support-cloud, where Sophos creates a single package that contains all of its products.
We've only really been dealing with this solution for six months, so I haven't had time to note anything that is lacking in the solution. The cost is rather expensive. It's a pain point for many clients. They should work to see if they can reduce pricing.
The encryption could be improved. If they could find a way to make the encryption and decryption to be the same on the work-stations, it would be better. Some of the encryption settings have a complex configuration. Here in Egypt, they don't prioritize the selling of this solution and there is no compliance from the government. There is not enough marketing for this solution. If they give it some priority it will become more familiar to customers. Many of our customers need a solution that uses encryption technology. The security does not have 100% authentication. This solution is complex in the development process. Customers are asking for things that are needed in the development and this solution is not easy to develop. In the next release, I would like to see processing on the appliance and not to install it on any machine. It will be in the network layers and able to communicate with all workstations. It would be better to have the encryption and decryption processing on the appliance and not on the workstations.
The solution is not using other features like booting encryption, because it causes very heavy processing of the workstation. If they could find some way to handle the encryption and decryption to be lighter on the workstation it would be better. It would be ideal if the solution could make the processing possible on an appliance, instead of having to install it on a machine. Also, it should be in the network layers and communicate with more workstations. The encryption and decryption processing should not be on the workstation; rather it should be on the appliance.
If you're talking about technical support, their endpoint support needs improvement. Their UTM is doing well, however. If it's possible, they should make all the features available because it's got a lot of features on offer, but you have to buy the license in order to add those features to the normal Endpoint. If they could make all those features available and/or offer a bundling option it would be better.
Sophos SafeGuard is a German product. Sophos isn't really active in Europe. The Middle East, Africa, South Africa works with Sophos but their primary users aren't in Europe. They should market and push this solution to the European market.
What do you like most about Sophos SafeGuard?
Thanks for sharing your thoughts with the community!